Security advice and help required please


Jaguars


Hello

 

I am trying to find out the best way to keep security and session i.d., after installing an additional navigation bar.

The bar is produced with "CSS", "XHTML" and a pair of small "Gifs" to create the look of the buttons.

I have added the required code to the "stylesheet.css" and then the code below to the "includes/header.php". This is placed right after the code for the "My account", "Cart contents" and "Checkout" clickable Icons in the header document.

What I am trying to find out is the best way of keeping within the security and session i.d. format, as I believe the hard code address format I have at present, will give security warnings, after the "SSL" certificate is added.

The following is taken from the "PDF manual with the osCommerce software", am I looking at this the right way or will it not work correctly because of the use of xhtml and css to generate the navigation bar?

 

This is from page 79 of the manual.

SECOND:

This one is a clickable image link for a page within your web site.

Code:

<?php echo '<a href="' . tep_href_link('your_directory/your_page.php') . '">' . tep_image(DIR_WS_IMAGES . 'your_image.gif') . '</a>'; ?>

To make it a text link for a page within your web site:

Code:

<?php echo '<a href="' . tep_href_link('your_directory/your_page.php') . '">' . 'Your Text Here' . '</a>'; ?>

 

 

 

 

I have added the following to the "includes/header.php" file, for the use of a tab navigation bar. This has "CSS" and "XHTML" with two small "GIFs" to create the button image.

 

 

<td align="left" valign="bottom">

<div id="tabs">

<ul>

<!-- CSS Tabs -->

<li><a href="http://www.mysite.co.uk/shop/index.php"><span>Home</span></a></li>

<li><a href="http://www.mysite.co.uk/shop/index.php"><span>Products</span></a></li>

<li><a href="http://www.mysite.co.uk/shop/account.php"><span>Sign In</span></a></li>

<li><a href="http://www.mysite.co.uk/shop/shopping_cart.php"><span>Cart</span></a></li>

<li id="current"><a href="http://www.mysite.co.uk/shop/checkout_shipping.php"><span>Order</span></a></li>

<li><a href="http://www.mysite.co.uk/shop/index.php"><span>News</span></a></li>

 

</ul>

</div>

</td>

</tr>

</table>

 

 

 

All advice appreciated, and thank you for looking.

 

Dave

:sweating:


You have answered your own question!

 

An example for you:

<li><?php echo '<a href="' . tep_href_link('http://www.mysite.co.uk/shop/index.php') . '">'; ?><span>Home</span></a></li>

 

 

Tom


Hi Tom

 

thank you for your advice, I have added the lines as you suggested in your post but got only the word showing for "HOME" and this was not clickable and the button was not showing.

 

As the button image is created by two small gif images driven by the "CSS" stylesheet, I tried with the clickable image version of the script.

 

First time with just one gif listed, and this was no go, the gif showed but the clickable link was not working.

 

The second time I added another image link, not certain if this is the correct way to display, I do not think so, still not working.

 

I only tried this with one button on the tab navigation, at a time until I get it right.

 

The script as written;

 

<li><?php echo '<a href="' . tep_href_link('http://www.eng1.co.uk/shop/index.php') . '">' .

tep_image(DIR_WS_IMAGES . tableftF.gif). '">' .tep_imagess(DIR_WS_IMAGES . tabrightF.gif) . '</a>'; ?><span>Home</span></a></li>

 

The image of the buttons

 

buttonpic.png

 

The tab buttons, should show all in a line above the "breadcrumb navigation bar" not stacked as they are here before changing they worked all in a line.

 

Could you point me in the right direction, any ideas.

 

Thanks Dave

 

:thumbsup:

 

 

 

 


I can see a small typo in the code you posted:

 

<li><?php echo '<a href="' . tep_href_link('http://www.eng1.co.uk/shop/index.php') . '">' .
tep_image(DIR_WS_IMAGES . tableftF.gif). '">' .tep_imagess(DIR_WS_IMAGES . tabrightF.gif) . '</a>'; ?><span>Home</span></a></li>

 

the 2nd tep_image should not have the ss and the filename needs to be inside single quotes and you have an extra >

 

Try:

<li><?php echo '<a href="' . tep_href_link('http://www.eng1.co.uk/shop/index.php') . '">' .
tep_image(DIR_WS_IMAGES . 'tableftF.gif').  tep_image(DIR_WS_IMAGES . 'tabrightF.gif') . '</a>'; ?><span>Home</span></a></li>

 

although should the word home not appear between the left and right images? If so then it would be:

 

<li><?php echo tep_image(DIR_WS_IMAGES . 'tableftF.gif') . '<a href="' . tep_href_link('http://www.eng1.co.uk/shop/index.php') . '">' . '<span>Home</span></a>' . tep_image(DIR_WS_IMAGES . 'tabrightF.gif'); ?></li>

 

HTH,

Tom


Hi Tom

 

thank you for your reply. I have tried both ways that you have listed the first no different.

 

The second way the button tabs appear in a row as they should be, but I also have the GIFs appearing above the tab buttons also?

 

When I click on the link I get a 404 error page come up also.

 

Any ideas, could it be listing the GIFs as they are driven by the "CSS" with this navigation bar.

 

Thanks again

 

Dave

 

:thumbsup:

 

 


Ok, try this line:

 

<li><?php echo '<a href="' . tep_href_link(DIR_WS_HTTP_CATALOG . FILENAME_DEFAULT) . '">' . '<span>Home</span></a>'; ?></li>

 

If this isn't working perhaps try posting a snippet of the html from the browser (view page source in browser) to track down what's happening.

 

Tom


Hi Tom

 

thanks again. Well tried that and I now have the nav bar as I wish to see it, and no additional views of the GIFs.

 

When clicking on the link it still goes to a page 404 file not found error. The button has a sid number allocated but if you click on any other buttons the button loses its sid number? And just shows the plain html style address when you hover over the tab button.

 

I have taken a page source, with the browser and this is a copy of the area with the navigation bar detail:-

 

 

<table border="0" width="100%" cellspacing="0" cellpadding="0">

<tr class="header">

<td align="right" valign="middle"><a href="http://www.eng1.co.uk/shop/index.php?osCsid=dd31a45d1072c5ffb064543d8987a90d"><img src="images/eng1.gif" border="0" alt="The ENG1 Store" title=" The ENG1 Store " width="181" height="43"></a></td>

 

<td align="right" valign="bottom"><a href="http://www.eng1.co.uk/shop/account.php?osCsid=dd31a45d1072c5ffb064543d8987a90d"><img src="images/header_account.gif" border="0" alt="My Account" title=" My Account " width="30" height="30"></a> <a href="http://www.eng1.co.uk/shop/shopping_cart.php?osCsid=dd31a45d1072c5ffb064543d8987a90d"><img src="images/header_cart.gif" border="0" alt="Cart Contents" title=" Cart Contents " width="30" height="30"></a> <a href="http://www.eng1.co.uk/shop/checkout_shipping.php?osCsid=dd31a45d1072c5ffb064543d8987a90d"><img src="images/header_checkout.gif" border="0" alt="Checkout" title=" Checkout " width="30" height="30"></a> </td>

<td align="left" valign="bottom">

<div id="tabsF">

<ul>

<!-- CSS Tabs -->

 

<li><a href="http://www.eng1.co.uk/shop//shop/index.php?osCsid=dd31a45d1072c5ffb064543d8987a90d"><span>Home</span></a></li>

<li><a href="http://www.eng1.co.uk/shop/index.php"><span>Products</span></a></li>

<li><a href="http://www.eng1.co.uk/shop/account.php"><span>Sign In</span></a></li>

<li><a href="http://www.eng1.co.uk/shop/shopping_cart.php"><span>Cart</span></a></li>

 

<li id="current"><a href="http://www.eng1.co.uk/shop/checkout_shipping.php"><span>Order</span></a></li>

<li><a href="http://www.eng1.co.uk/shop/index.php"><span>News</span></a></li>

 

</ul>

</div>

</td>

</tr>

</table>

 

Thanks again

 

Dave

 

:sweating:

 


Looking at your message and your site the reason the "Home" tab doesn't work and gives the 404 error is because of "/shop//shop/index.php" (note the double slash and double shop) however the tabs at the bottom of the page have correct links. If you look at the code for the bottom tabs and compare to the top.

 

With reference to other tabs not having osCsid attached - are you using the tep_href_link function for these in the same way?


Hi Tom

 

any idea what may be the cause of that.

I copied the last code section you sent with no additions or alterations. What could be causing the double entry!

Could it be the use of the second nav bar at the bottom, in some way generating this.

 

The other tab buttons I have not yet added the code "tep_href_link "

 

Regards

 

Dave

 

 


The double link may be caused by an incorrect setting in either includes/configure.php or includes/filenames.php.

The reason for the other links not having osCsid attached when the 1st does is because they do not yet use the tep_href_link (this is the function that checks sessions are maintained when creating links).

 

Tom


I will get a copy of those files from the server, I have not touched them since they were installed.

Should I add the www.mysite.co.uk and so forth to the detail as all I copied to the includes/header.php was

 

<li><?php echo '<a href="' . tep_href_link(DIR_WS_HTTP_CATALOG . FILENAME_DEFAULT) . '">' . '<span>Home</span></a>'; ?></li>

 

And made no adjustments or www.mysite.co.uk added, just copy and paste into includes/header.php

 

Thanks

 

Dave

 

 


These are the parts of the other files I believe you are suggesting may be at fault. I can not see what may be wrong here, so have copied over a part of the code.

 

includes/filenames.php

 

define('FILENAME_ACCOUNT', 'account.php');

define('FILENAME_ACCOUNT_EDIT', 'account_edit.php');

define('FILENAME_ACCOUNT_HISTORY', 'account_history.php');

define('FILENAME_ACCOUNT_HISTORY_INFO', 'account_history_info.php');

define('FILENAME_ACCOUNT_NEWSLETTERS', 'account_newsletters.php');

define('FILENAME_ACCOUNT_NOTIFICATIONS', 'account_notifications.php');

define('FILENAME_ACCOUNT_PASSWORD', 'account_password.php');

define('FILENAME_ADDRESS_BOOK', 'address_book.php');

define('FILENAME_ADDRESS_BOOK_PROCESS', 'address_book_process.php');

define('FILENAME_ADVANCED_SEARCH', 'advanced_search.php');

define('FILENAME_ADVANCED_SEARCH_RESULT', 'advanced_search_result.php');

define('FILENAME_ALSO_PURCHASED_PRODUCTS', 'also_purchased_products.php');

define('FILENAME_CHECKOUT_CONFIRMATION', 'checkout_confirmation.php');

define('FILENAME_CHECKOUT_PAYMENT', 'checkout_payment.php');

define('FILENAME_CHECKOUT_PAYMENT_ADDRESS', 'checkout_payment_address.php');

define('FILENAME_CHECKOUT_PROCESS', 'checkout_process.php');

define('FILENAME_CHECKOUT_SHIPPING', 'checkout_shipping.php');

define('FILENAME_CHECKOUT_SHIPPING_ADDRESS', 'checkout_shipping_address.php');

define('FILENAME_CHECKOUT_SUCCESS', 'checkout_success.php');

define('FILENAME_CONTACT_US', 'contact_us.php');

define('FILENAME_CONDITIONS', 'conditions.php');

define('FILENAME_COOKIE_USAGE', 'cookie_usage.php');

define('FILENAME_CREATE_ACCOUNT', 'create_account.php');

define('FILENAME_CREATE_ACCOUNT_SUCCESS', 'create_account_success.php');

define('FILENAME_DEFAULT', 'index.php');

define('FILENAME_DOWNLOAD', 'download.php');

define('FILENAME_INFO_SHOPPING_CART', 'info_shopping_cart.php');

define('FILENAME_LOGIN', 'login.php');

define('FILENAME_LOGOFF', 'logoff.php');

 

 

This is the

 

includes/configure.php

 

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

define('HTTP_SERVER', 'http://www.eng1.co.uk'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', ''); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', false); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'www.eng1.co.uk');

define('HTTPS_COOKIE_DOMAIN', '');

define('HTTP_COOKIE_PATH', '/shop/');

define('HTTPS_COOKIE_PATH', '');

define('DIR_WS_HTTP_CATALOG', '/shop/');

define('DIR_WS_HTTPS_CATALOG', '');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

Hope you may be able to find the missing link, so to speak.

 

Dave

 

 

 


Sorry, just double checking it's my mistake!! >_< Remove the DIR_WS_HTTP_CATALOG part so that it reads:

<li><?php echo '<a href="' . tep_href_link(FILENAME_DEFAULT) . '">' . '<span>Home</span></a>'; ?></li>

 

then all should be fine - will just then have to do the same for each tab.

 

Instead of FILENAME_DEFAULT you can just put filenames such as 'shopping_cart.php' (inside single quotes). Using constants such as FILENAME_DEFAULT is the preferred method in case you install various contributions. All the filenames are set in includes/filenames.php and you can just use the name that is in all caps.

 

Tom
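
Why the Home tab rendered as /shop//shop/index.php while the hard-coded tabs carried no osCsid, as an added example that is not part of the original thread and is not osCommerce's code. demo_href_link() and link_problems() are hypothetical names, the helper's behaviour is an assumption modelled on the page source posted above, and the session id is a constructed sample.

```php
<?php
// Added illustration, not osCommerce source. demo_href_link() and
// link_problems() are hypothetical names; the session id is a constructed
// sample value.

// Values copied from the configure.php / filenames.php excerpts in the thread.
define('HTTP_SERVER', 'http://www.eng1.co.uk');
define('DIR_WS_HTTP_CATALOG', '/shop/');
define('FILENAME_DEFAULT', 'index.php');

// Assumption: the helper prepends server + catalog path to the page it is
// given and appends the session id when one is active.
function demo_href_link(string $page, string $sid = ''): string
{
    $link = HTTP_SERVER . DIR_WS_HTTP_CATALOG . $page;
    if ($sid !== '') {
        $link .= (strpos($link, '?') === false ? '?' : '&') . 'osCsid=' . $sid;
    }
    return $link;
}

// List what is wrong with a tab link, generated or hand-written.
// In this model a session id is always active, so a link without one
// cannot have come from the helper.
function link_problems(string $url): array
{
    $problems = [];
    [$path, $query] = array_pad(explode('?', $url, 2), 2, '');
    $afterServer = substr($path, strlen(HTTP_SERVER));
    if (strpos($afterServer, '//') !== false) {
        $problems[] = 'doubled path: catalog directory passed to the helper';
    }
    if (strpos($query, 'osCsid=') === false) {
        $problems[] = 'no osCsid: link was not built by the helper';
    }
    return $problems;
}

$sid = 'SAMPLE0000SESSION0000ID';  // constructed, not a real session id

$tabs = [
    'Home, catalog + filename' => demo_href_link(DIR_WS_HTTP_CATALOG . FILENAME_DEFAULT, $sid),
    'Home, filename only'      => demo_href_link(FILENAME_DEFAULT, $sid),
    'Sign In, hard-coded'      => 'http://www.eng1.co.uk/shop/account.php',
];

foreach ($tabs as $label => $url) {
    $problems = link_problems($url);
    echo $label, "\n  ", $url, "\n  ",
         $problems ? implode('; ', $problems) : 'ok', "\n";
}
```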


Thanks again I just added the code to the first tab, as you detailed.

 

 

<li><?php echo '<a href="' . tep_href_link(FILENAME_DEFAULT) . '">' . '<span>Home</span></a>'; ?></li>

 

I added the following

 

(FILENAME_DEFAULT', 'index.php')

instead of just the plain FILENAME_DEFAULT

I have the following error code after adding the revised header to the server.

 

Parse error: parse error, unexpected T_CONSTANT_ENCAPSED_STRING in /homepages/40/db12345678/htdocs/shop/includes/header.php on line 65

 

 

What have I done wrong!

 

Dave

 

 

 


There's no need for both FILENAME_DEFAULT and 'index.php'; you can use either but not both (FILENAME_DEFAULT is a constant that by default is set to index.php in the default install).

 

Tom


Superb Tom

 

just changed that and we are cooking with Gas!

 

I will carry on altering the rest of the tab button names, one by one until all correct. The products one will be a site map I have yet to write and upload.

 

When using the naming of web pages in this format, have I understood this correctly, as the following.

 

(FILENAME_DEFAULT)

 

then as each page differs. e.g.

 

(, 'account.php')

 

This in place of the FILENAME_DEFAULT, as each page requires it.

 

Many thanks again Tom and in this heat as well, I am currently near Stafford, so cooking at around the same temperature. :sweating:

 

Dave

:thumbsup:


Great news.

 

Just a small note - don't include the comma before the filename - it only needs to be, for example, tep_href_link('account.php') or tep_href_link('shopping_cart.php').

 

Struggling to work here even with fan blasting on me and computer keeps threatening to shutdown from overheating!! :sweating:

 

Tom


Tom

 

just finished updating the file for the top tabs navigation, all appears working o.k.

 

From what you noted just before should I remove the , from the following.

 

<li><?php echo '<a href="' . tep_href_link('account.php') . '">' . '<span>Sign In</span></a>';?></li>

 

, before the filename , 'account.php' as listed in the includes/filenames.php File when adding them to the navigation tabs.

 

Thanks again, just got to play around with the header now to get the logo on the right and lose the small clickable gifs, then have the nav bar on the left of the header.

After that I will update the footer navigation details to match.

 

Regards

 

Dave

 

:thumbsup:

 


Here is an unusual point. After the changes I have noticed that I have product counts showing against each product type, in the Categories.

This is set to false in the "Admin" section, and I had it working before without the product count showing.

Most strange.

 

Regards

 

Dave

 

:-"

 
